Install Steps
- Install Docker
- Download Install Script
- Run Install Script
- Start CKS Service
Install Commands
Install Docker
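If completed during prerequisites, you can skip to "Download and Execute Setup Script".
# Install Docker
# Download the convenience script first so that the install step, not curl, runs under sudo
curl -fsSL https://get.docker.com/ -o get-docker.sh
sudo sh get-docker.sh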
Download and Execute Setup Script
Shell Commands
mkdir /var/virtru
mkdir /var/virtru/scripts
cd /var/virtru/scripts
curl -s https://raw.githubusercontent.com/virtru/cks-setup-script/main/download.sh -o download.sh
bash ./download.sh
bash ./cks-setup-scripts/setup-cks-latest.sh
Warning: If SELinux is in use please reference this article.
Offline Install
To run the installer in offline mode, first follow the prerequisites listed here. Then execute:
bash ./setup-cks-latest.sh -o true
Recommended
The installer will create all appropriate directories. The recommended install root directory: /var/virtru/cks/
CKS Domain Selection
During the install, enter the CKS URL of your choice. The installer creates a self-signed TLS certificate for transport security based on the domain given.
Support URL and Email
Enter your support email address, as well as the primary support domain for your organization. This will be logged by Virtru for use by our Technical Support team if errors are generated.
Virtru Organization ID
Enter your Virtru Org ID provided by your Virtru representative. This will allow for JWT authentication to be set up with your new CKS server.
HMAC Authentication
You will be prompted to use HMAC auth:
- Select yes to leverage HMAC token authentication
Self Signed Certificate Creation
In the next section, the script will prompt for certificate request information. This information is needed to create the self-signed certificate that will be used by your CKS server as a placeholder. Once all inputs are put in place within the CKS setup wizard, we recommend replacing the self-signed certificate with a valid CA signed TLS certificate. This will be located in the /var/virtru/cks/ssl directory once the setup wizard completes.
Note:
To prevent decryption errors, the order of cert chain in the .crt file must be formatted correctly. The certificate for your CKS FQDN must come before the intermediate and/or root certificates within the .crt file.
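One way to check the certificate order described in the note above before placing a CA-signed bundle in /var/virtru/cks/ssl. This is an added example, not part of Virtru's installer; the function name check_chain_order and the script name check_chain.sh are assumptions, and it requires the openssl command-line tool.

```sh
#!/bin/sh
# check_chain_order BUNDLE FQDN  (added example; the function name is an assumption)
# Returns 0 when the first certificate in BUNDLE is valid for FQDN and each
# following certificate is the issuer of the one before it.
check_chain_order() {
    bundle=$1
    fqdn=$2
    [ -r "$bundle" ] || { echo "FAIL: cannot read $bundle"; return 2; }
    tmp=$(mktemp -d) || return 2
    # Split the bundle into one file per certificate, keeping file order.
    awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ { n++ }
                     n { print > (d "/" n ".pem") }' "$bundle"
    count=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$bundle" || true)
    rc=0
    if [ "$count" -lt 1 ]; then
        echo "FAIL: no certificate found in $bundle"
        rc=2
    elif ! openssl x509 -in "$tmp/1.pem" -noout -checkhost "$fqdn" |
            grep -q 'does match'; then
        echo "FAIL: first certificate is not valid for $fqdn"
        rc=1
    fi
    i=1
    while [ "$rc" -eq 0 ] && [ "$i" -lt "$count" ]; do
        next=$((i + 1))
        # Issuer of certificate i must equal subject of certificate i+1.
        issuer=$(openssl x509 -in "$tmp/$i.pem" -noout -issuer_hash)
        subject=$(openssl x509 -in "$tmp/$next.pem" -noout -subject_hash)
        if [ "$issuer" != "$subject" ]; then
            echo "FAIL: certificate $next did not issue certificate $i"
            rc=1
        fi
        i=$next
    done
    if [ "$rc" -eq 0 ]; then
        echo "OK: $count certificate(s), leaf first, chain in order"
    fi
    rm -rf "$tmp"
    return "$rc"
}

# Stand-alone use: sh check_chain.sh <bundle.crt> <cks-fqdn>
if [ "$#" -eq 2 ]; then
    check_chain_order "$1" "$2"
fi
```

The check covers ordering and host name only; it does not verify signatures or expiry dates.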
CKS Re-Wrap Keys (RSA key pair)
Once complete, the installer will generate your RSA Key Pair and then output key information for your install. Please take the time to ensure all fields are correctly filled out.
Post Install
Once completed, the setup script will have created the following:
- The Environment Variables for the Virtru Private Keystore and its companion containers
- tokens.json file that defines the HMAC token used to authenticate between Virtru and your CKS service. It is also automatically loaded into the environment variables in env/cks.env
- run.sh file to run the deployment.
- RSA Key Pair
  - In the cks/keys directory, verify that rsa001.pem and rsa001.pub have 644 permissions applied:
    chmod 644 rsa001.pem
    chmod 644 rsa001.pub
- Replace self-signed certificate with a valid CA signed TLS Certificate in the /var/virtru/cks/ssl directory
Email send_to_virtru.tar.gz to Virtru
Please click here for detailed steps on downloading the send_to_virtru.tar.gz file.
Once the script has completed successfully, a file named send_to_virtru.tar.gz will be in your /var/virtru/cks/ directory. This file contains the information Virtru requires to communicate with your CKS appliance.
Send the file via Secure Share to the deployment team:
Enable your CKS Server
Once the script has completed, the Virtru Private Keystore is ready to turn on and verify connectivity.
Shell Commands
cd /var/virtru/cks
sh run.sh
Validate your CKS Server
Check that your CKS container started successfully with the command below:
docker ps -a
View the logs from the container to ensure the process started successfully:
docker logs <containerID> -f
Additional CKS Servers
If you are installing CKS on multiple instances for a Highly-Available configuration, follow the instructions found here: Virtru Private Keystore (for Virtru Solutions): Install - Additional Instance, Linux Server